3 Idiots

ry going to Start > Run type "Taskkill /T /IM "RVHOST.EXE"

Open a notepad window and copy and paste the following

On Error Resume Next

Set shl = CreateObject("WScript.Shell")

Set fso = CreateObject("scripting.FileSystemObject…

shl.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Wi… entVersion\Policies\System\DisableRegist…

shl.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Wi… entVersion\Policies\System\DisableTaskMg…

shl.RegDelete

Save this as Enable.vbs

Run Enable.vbs

Now go to Start > Run > type "regedit"

In the left panel, double-click the following:

HKEY_CURRENT_USER>Software>Microsoft>

Windows>CurrentVersion>Run

In the right panel, locate and delete the entry:

Yahoo Messengger = "%System%\RVHOST.exe"

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, and C:\Windows\System32 on Windows XP and Server 2003.)-->

Removing Other Entry from the Registry

Still in Registry Editor, in the left panel, double-click the following:

HKEY_CURRENT_USER>Software>Microsoft>W…

CurrentVersion>Policies>Explorer

In the right panel, locate and delete the entry:

NofolderOptions = "1"

Restoring Modified Entries from the Registry

Still in Registry Editor, in the left panel, double-click the following:

HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>… NT>

CurrentVersion>Winlogon

In the right panel, locate the entry:

Shell = "Explorer.exe RVHOST.exe"

Right-click on the value name and choose Modify. Change the value data of this entry to:

Explorer.exe

In the right panel, double-click the following:

HKEY_LOCAL_MACHINE>SYSTEM>CurrentContr…

Services>Schedule

In the right panel, locate the entry:

NextAtJobId = "2"

Right-click on the value name and choose Modify. Change the value data of this entry to:

1

Close Registry Editor.

Deleting the Malware File(s)

Right-click Start then click...